package springsecuritylearn.springsecuritylearn.hello2;//package com.feizhou.oauth.hello2;
//
//
//import org.springframework.context.annotation.Bean;
//import org.springframework.context.annotation.Configuration;
//import org.springframework.security.config.annotation.web.builders.HttpSecurity;
//import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
//import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
//import org.springframework.security.core.userdetails.User;
//import org.springframework.security.core.userdetails.UserDetailsService;
//import org.springframework.security.crypto.password.NoOpPasswordEncoder;
//import org.springframework.security.crypto.password.PasswordEncoder;
//import org.springframework.security.provisioning.InMemoryUserDetailsManager;
//
//@EnableWebSecurity
//@Configuration
//public class WebSecurityConfig2 extends WebSecurityConfigurerAdapter {
//
//
//    //定义用户信息服务（查询用户信息）
//    @Bean
//    public UserDetailsService userDetailsService(){
//        InMemoryUserDetailsManager manager = new InMemoryUserDetailsManager();
//        manager.createUser(User.withUsername("admin").password("admin").authorities("p1").build());
//        manager.createUser(User.withUsername("user").password("user").authorities("p2").build());
//        return manager;
//    }
//
//    //密码编码器,不加密
//    @Bean
//    public PasswordEncoder passwordEncoder(){
//        //不加密
//        return NoOpPasswordEncoder.getInstance();
//    }
//
//    //web  url 拦截规则
//    @Override
//    protected void configure(HttpSecurity http) throws Exception {
//        http.authorizeRequests()
//
//                .antMatchers("/admin/p1").hasAuthority("p1")//访问/admin/p1权限，需要有p1权限
//                .antMatchers("/user/p2").hasAuthority("p2")//访问/user/p2，需要有p2权限
//                .anyRequest().authenticated()//所有其他请求必须认证通过
//                .and()
//                .formLogin()
//                .loginPage("/login")
//                .successForwardUrl("/login-success")//自定义登录成功的页面地址
//                .permitAll()
//                .and()
//                .logout()
//                .permitAll();
//    }
//}